Known Vulnerabilities for products from Concretecms

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Concretecms".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40109 | A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user wi... | 6.4 - MEDIUM | 2021-09-27 | 2021-09-30 |
| CVE-2021-40108 | An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the c... | 8.8 - HIGH | 2021-09-27 | 2021-09-30 |
| CVE-2021-40106 | An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website f... | 6.1 - MEDIUM | 2021-09-27 | 2021-10-01 |
| CVE-2021-40105 | An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | 6.1 - MEDIUM | 2021-09-27 | 2021-10-01 |
| CVE-2021-40104 | An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass. | 7.5 - HIGH | 2021-09-27 | 2021-10-01 |
| CVE-2021-40103 | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | 7.5 - HIGH | 2021-09-27 | 2021-10-01 |
| CVE-2021-40102 | An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (... | 9.1 - CRITICAL | 2021-09-24 | 2021-09-30 |
| CVE-2021-40101 | An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt f... | 7.2 - HIGH | 2021-11-30 | 2021-12-01 |
| CVE-2021-40100 | An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Edi... | 5.4 - MEDIUM | 2021-09-24 | 2021-09-30 |
| CVE-2021-40099 | An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code executi... | 7.2 - HIGH | 2021-09-24 | 2021-09-30 |
| CVE-2021-40098 | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular ex... | 9.8 - CRITICAL | 2021-09-27 | 2021-10-01 |
| CVE-2021-40097 | An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remote code execution via upl... | 8.8 - HIGH | 2021-09-27 | 2021-10-01 |
| CVE-2021-36766 | Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashbo... | 7.2 - HIGH | 2021-07-30 | 2021-09-22 |
| CVE-2021-28145 | Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey ... | 5.4 - MEDIUM | 2021-03-18 | 2021-11-17 |
| CVE-2021-22970 | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to b... | 7.5 - HIGH | 2021-11-19 | 2021-11-23 |
| CVE-2021-22969 | Concrete CMS (formerly concrete5) versions below 8.5.7 have a SSRF mitigation bypass using DNS Rebind attack giving an attacke... | 5.3 - MEDIUM | 2021-11-19 | 2021-11-23 |
| CVE-2021-22968 | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concret... | 7.2 - HIGH | 2021-11-19 | 2021-11-23 |
| CVE-2021-22967 | In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to ... | 7.5 - HIGH | 2021-11-19 | 2021-11-23 |
| CVE-2021-22966 | Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view"... | 8.8 - HIGH | 2021-11-19 | 2021-11-23 |
| CVE-2021-22958 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address... | 9.8 - CRITICAL | 2021-10-07 | 2021-11-01 |
